An updated ePayments Code (the Code) was published by the Australian Securities & Investments Commission (ASIC) on 2 June 2022.
The transition period for compliance with the updated version of the Code commences the day of publication and ends 2 June 2023. In addition to extending its application to the New Payments Platform, the Code enhances consumer protection in the banking and finance system.
What is the ePayments Code?
The Code was originally known as the Electronic Funds Transfer Code of Conduct (EFT Code) which existed from 1986. ASIC is responsible for administering the Code, which extends to monitoring compliance and conducting regular reviews. It is a voluntary Code, however, ASIC has confirmed that most banks, credit unions and building societies currently subscribe, along with a number of non-banking businesses.
According to ASIC, the Code complements other regulatory requirements, including financial services and consumer credit licensing, advice, training and disclosure obligations under the Corporations Act 2001 and the National Consumer Credit Protection Act 2009. Among other things, the ePayments Code:
- requires subscribers to give consumers clear and unambiguous terms and conditions
- stipulates how terms and conditions changes (such as fee increases), receipts and statements need to be made
- sets out the rules for determining who pays for unauthorised transactions, and
- establishes a regime for recovering mistaken internet payments.
Which sections of the Code have been updated?
Pursuant to the media release which accompanied the publication of the Code and “REP 718 Response to submissions on CP 341 Review of the ePayments Code: Further consultation” (the Report), the following areas have been updated:
- compliance monitoring and data collection: This resulted in removing the requirement in cl 44.1 that subscribers must report annually to ASIC on unauthorised transactions; retaining ASIC’s power in cl 44.2 to undertake ad hoc targeted compliance monitoring of specific obligations in the Code; and extending the ad hoc monitoring power so that ASIC may seek data and information to monitor or survey matters relevant to subscribers’ activities relating to electronic payments.
- mistaken internet payments: This resulted in extending the application of the Code to partial return of funds where only a portion of the funds is available in the unintended recipient’s account. The amendments give the receiving authorised deposit-taking institution (ADI) discretion to decide which option (ie complete funds, partial funds or no funds) is appropriate to pursue in the circumstances.
- unauthorised transactions: This resulted in some clarifications of the Code’s unauthorised transactions provisions, including provisions concerning pass code security and the allocation of liability. In particular ASIC clarified that an unauthorised transaction occurs only where a third party has made the transaction without the consumer’s consent. ASIC noted that, in relation to scams, they strongly encouraged further work to address scam losses outside the Code.
- complaints handling: It was decided to retain the two distinct complaints frameworks that are currently in Chapter F and Appendix A.
- facility expiry dates: This resulted in ASIC aligning the expiry date requirements for certain facilities under the Code with the expiry period in the Australian Consumer Law (ie 36 months), while clarifying that these requirements do not apply to debit and credit cards.
Will the Code be made mandatory?
The updated Code was a result of ASIC’s ongoing consultation with industry which culminated in the Report. Each of the resulting amendments are addressed extensively in the Report.
One development referred to in the Report is making the Code mandatory. ASIC noted that in 2014, the final report of the Financial System Inquiry recommended that the protections in the Code be made mandatory. Since then, other reviews have made similar recommendations. In this regard, ASIC has welcomed the Government’s recent proposal to commence work in 2022 on mandating the protections in the Code and consider that the Report, setting out a range of stakeholder views on possible changes to those protections, may provide useful insights.
Importantly, ASIC may undertake targeted compliance monitoring of specific obligations under the Code and subscribers should stay abreast of their current priorities This and wider developments in the regulation of the banking and finance industry are addressed in Thomson Reuters’ Weaver and Craigie The Law Relating to Banker and Finance.